Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to permit all attributes besides user_id using strong_parameters?

Tags:

ruby

ruby-on-rails

ruby-on-rails-4

strong-parameters

I would like to use something like that:

def answer_params
  params.require(:answer).permit!.without(:user_id)
end
like image 362
tomekfranek Avatar asked Mar 20 '13 16:03

tomekfranek

2 Answers

will this work?

params.require(:answer).permit!.except(:user_id)
like image 158
jvnill Avatar answered Sep 28 '22 07:09

jvnill

I just want to put this out here, whitelisting is not DRY. Imagine a JSON API for a document based entry that could have up to 100 (or more) attributes (key value pairs). Generally the only pieces you need concern with are attributes that can escalate privileges like user_id.

like image 43
Jason Kenney Avatar answered Sep 28 '22 09:09

Jason Kenney
Sign in to Comment

Related questions

Rails, Ruby 1.9.3p0, and mysql gem
rails encryption/decryption
Serving Assets on 'static' subdomain
how to remove attributes from a Mongoid Model, i.e., not just nullifying their values
ActiveRecord: count with groups
How to access the current rails object id in javascript
Ruby on Rails Tutorial 7.2.2 : rspec failure : action 'create' could not be found for UsersController
Capybara + Selenium + RSpec — LoadError when setting JS to true
how to set default ruby with rvm
Capybara+Rspec how to match a part of tag attribute
Alternatives to Bootstrap for Rails
Ruby on rails app works locally but does not work on heroku
How to test the value of a CSS selector using Capybara and RSpec?
Add remote: => true on Form_for
How do I order the results of rails geocoder gem by something other than distance
What parameters do I need to pass in the controller to a Carrierwave-mounted model?
Rails - Savon set multiple namespaces
Rails: DoubleRenderError - "Render and/or redirect were called multiple times in this action"
How does Delayed Job work in Ruby on Rails ?
Ruby/PgSQL error on Rails start : cannot load such file -- pg_ext (LoadError)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!